diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index f48b66ff90c..93867f7714d 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -2044,83 +2044,83 @@
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/apparmor",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/fs",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/systemd",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/configs",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/configs/validate",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/criurpc",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/keys",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/label",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/seccomp",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/selinux",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/stacktrace",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/system",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/user",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/opencontainers/runc/libcontainer/utils",
- "Comment": "v1.0.0-rc2-14-g45c30e7",
- "Rev": "45c30e75abfd52107b53048004a83165403ad0d1"
+ "Comment": "v1.0.0-rc2-49-gd223e2a",
+ "Rev": "d223e2adae83f62d58448a799a5da05730228089"
 },
 {
 "ImportPath": "github.com/pborman/uuid",
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
index 9692e4fb233..30b20632b54 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
@@ -295,7 +295,7 @@ func (raw *cgroupData) path(subsystem string) (string, error) {
 // If the cgroup name/path is absolute do not look relative to the cgroup of the init process.
 if filepath.IsAbs(raw.innerPath) {
- // Sometimes subsystems can be mounted togethger as 'cpu,cpuacct'.
+ // Sometimes subsystems can be mounted together as 'cpu,cpuacct'.
 return filepath.Join(raw.root, filepath.Base(mnt), raw.innerPath), nil
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go
index 33814ce0f1d..fd428f90cb9 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go
@@ -282,7 +282,7 @@ func (m *Manager) Apply(pid int) error {
 }
 }
- if _, err := theConn.StartTransientUnit(unitName, "replace", properties, nil); err != nil {
+ if _, err := theConn.StartTransientUnit(unitName, "replace", properties, nil); err != nil && !isUnitExists(err) {
 return err
 }
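Review bot: Treating `UnitExists` as success in `Apply` means the `properties` assembled for this container are not handed to systemd when a transient unit named `unitName` is already present, and nothing in the hunk checks that the existing unit was created for this container. Apply continues past the hunk, so whether later steps re-apply the limits cannot be seen here; at minimum the tolerated case deserves a comment such as `// unit already exists: reuse it; its properties are not updated by this call`. The `isUnitExists` helper added in the last hunk of this file matches with `strings.Contains(dbusError.Name, ...)`; an exact comparison, `dbusError.Name == "org.freedesktop.systemd1.UnitExists"`, would keep any other error whose name merely contains that string from being swallowed. The file is vendored, so the code change itself belongs upstream.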
@@ -388,7 +388,7 @@ func joinCgroups(c *configs.Cgroup, pid int) error {
 return nil
 }
-// systemd represents slice heirarchy using `-`, so we need to follow suit when
+// systemd represents slice hierarchy using `-`, so we need to follow suit when
 // generating the path of slice. Essentially, test-a-b.slice becomes
 // test.slice/test-a.slice/test-a-b.slice.
 func ExpandSlice(slice string) (string, error) {
@@ -546,3 +546,13 @@ func setKernelMemory(c *configs.Cgroup) error {
 }
 return fs.EnableKernelMemoryAccounting(path)
 }
+
+// isUnitExists returns true if the error is that a systemd unit already exists.
+func isUnitExists(err error) bool {
+ if err != nil {
+ if dbusError, ok := err.(dbus.Error); ok {
+ return strings.Contains(dbusError.Name, "org.freedesktop.systemd1.UnitExists")
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go
index 94b38879ed6..14d62898162 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go
@@ -22,7 +22,7 @@ type Cgroup struct {
 // The path is assumed to be relative to the host system cgroup mountpoint.
 Path string `json:"path"`
- // ScopePrefix decribes prefix for the scope name
+ // ScopePrefix describes prefix for the scope name
 ScopePrefix string `json:"scope_prefix"`
 // Paths represent the absolute cgroups paths to join.
@@ -95,7 +95,7 @@ type Resources struct {
 // IO read rate limit per cgroup per device, bytes per second.
 BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"`
- // IO write rate limit per cgroup per divice, bytes per second.
+ // IO write rate limit per cgroup per device, bytes per second.
 BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"`
 // IO read rate limit per cgroup per device, IO per second.
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/console_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/console_linux.go
index 7af771b65e3..5bc2fd753b8 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/console_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/console_linux.go
@@ -44,7 +44,7 @@ func newConsoleFromPath(slavePath string) *linuxConsole {
 }
 }
-// linuxConsole is a linux psuedo TTY for use within a container.
+// linuxConsole is a linux pseudo TTY for use within a container.
 type linuxConsole struct {
 master *os.File
 slavePath string
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/console_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/console_windows.go
index a68c02f66b4..fc157e9b307 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/console_windows.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/console_windows.go
@@ -5,7 +5,7 @@ func NewConsole(uid, gid int) (Console, error) {
 return &windowsConsole{}, nil
 }
-// windowsConsole is a Windows psuedo TTY for use within a container.
+// windowsConsole is a Windows pseudo TTY for use within a container.
 type windowsConsole struct {
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container.go b/vendor/github.com/opencontainers/runc/libcontainer/container.go
index 6844fbc7a8f..07822bf800f 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/container.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/container.go
@@ -123,7 +123,7 @@ type BaseContainer interface {
 // SystemError - System error.
 Start(process *Process) (err error)
- // Run immediatly starts the process inside the conatiner. Returns error if process
+ // Run immediately starts the process inside the conatiner. Returns error if process
 // fails to start. It does not block waiting for the exec fifo after start returns but
 // opens the fifo after start returns.
 //
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/label/label.go b/vendor/github.com/opencontainers/runc/libcontainer/label/label.go
index 684bb41bdc2..fddec463340 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/label/label.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/label/label.go
@@ -9,6 +9,10 @@ func InitLabels(options []string) (string, string, error) {
 return "", "", nil
 }
+func GetROMountLabel() string {
+ return ""
+}
+
 func GenLabels(options string) (string, string, error) {
 return "", "", nil
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/label/label_selinux.go b/vendor/github.com/opencontainers/runc/libcontainer/label/label_selinux.go
index 1d9d78a3902..d76846eafbd 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/label/label_selinux.go
@@ -33,15 +33,19 @@ func InitLabels(options []string) (string, string, error) {
 pcon := selinux.NewContext(processLabel)
 mcon := selinux.NewContext(mountLabel)
 for _, opt := range options {
- if opt == "disable" {
+ val := strings.SplitN(opt, "=", 2)
+ if val[0] != "label" {
+ continue
+ }
+ if len(val) < 2 {
+ return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
+ }
+ if val[1] == "disable" {
 return "", "", nil
 }
- if i := strings.Index(opt, ":"); i == -1 {
- return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
- }
- con := strings.SplitN(opt, ":", 2)
- if !validOptions[con[0]] {
- return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
+ con := strings.SplitN(val[1], ":", 2)
+ if len(con) < 2 || !validOptions[con[0]] {
+ return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0])
 }
 pcon[con[0]] = con[1]
@@ -55,6 +59,10 @@ func InitLabels(options []string) (string, string, error) {
 return processLabel, mountLabel, nil
 }
+func GetROMountLabel() string {
+ return selinux.GetROFileLabel()
+}
+
 // DEPRECATED: The GenLabels function is only to be used during the transition to the official API.
 func GenLabels(options string) (string, string, error) {
 return InitLabels(strings.Fields(options))
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go
index 5b81317fd71..bbcb783fc46 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go
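Review bot: Options that do not start with `label=` are now skipped by the `continue` in `InitLabels`, so a caller that still passes the previous bare form (`disable`, or `type:` followed by a value) gets back whatever labels the rest of the function computes, with no error to signal that the requested SELinux setting was ignored. `GenLabels`, in the next hunk's context, forwards `strings.Fields(options)` unchanged, so the deprecated entry point changes its accepted format as well. Call sites in this repository should be checked in the same commit. The function would also benefit from a doc comment along the lines of `// InitLabels reads options of the form "label=<key>:<value>" or "label=disable"; entries with any other prefix are ignored.` The function body starts and ends outside the hunk.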
@@ -146,7 +146,7 @@ func (p *setnsProcess) execSetns() error {
 }
 // terminate sends a SIGKILL to the forked process for the setns routine then waits to
-// avoid the process becomming a zombie.
+// avoid the process becoming a zombie.
 func (p *setnsProcess) terminate() error {
 if p.cmd.Process == nil {
 return nil
@@ -264,7 +264,7 @@ func (p *initProcess) start() error {
 }
 }()
 if err := p.createNetworkInterfaces(); err != nil {
- return newSystemErrorWithCause(err, "creating nework interfaces")
+ return newSystemErrorWithCause(err, "creating network interfaces")
 }
 if err := p.sendConfig(); err != nil {
 return newSystemErrorWithCause(err, "sending config to init process")
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
index 7f951c8eac6..c968261f7fc 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
@@ -93,7 +93,7 @@ func setupRootfs(config *configs.Config, console *linuxConsole, pipe io.ReadWrit
 return newSystemErrorWithCause(err, "reopening /dev/null inside container")
 }
 }
- // remount dev as ro if specifed
+ // remount dev as ro if specified
 for _, m := range config.Mounts {
 if libcontainerUtils.CleanPath(m.Destination) == "/dev" {
 if m.Flags&syscall.MS_RDONLY != 0 {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/selinux/selinux.go b/vendor/github.com/opencontainers/runc/libcontainer/selinux/selinux.go
index 2a18e2ad898..fcaba1d29e6 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/selinux/selinux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/selinux/selinux.go
@@ -355,6 +355,12 @@ func FreeLxcContexts(scon string) {
 }
 }
+var roFileLabel string
+
+func GetROFileLabel() (fileLabel string) {
+ return roFileLabel
+}
+
 func GetLxcContexts() (processLabel string, fileLabel string) {
 var (
 val, key string
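Review bot: `GetROFileLabel` in selinux.go returns the package variable `roFileLabel`, which is only assigned inside `GetLxcContexts` (the two hunks that follow in this file), so it yields an empty string until that function has run, and it reads the variable without any synchronisation. The fallback `roFileLabel = fileLabel` sits just above the `exit:` label; if any path jumps to `exit` (not visible in these hunks), the fallback is skipped and the read-only label stays empty. A caller that uses the empty result as a mount label would presumably mount without the intended read-only context, so the exported function should state the dependency, e.g. `// GetROFileLabel returns the read-only file label cached by GetLxcContexts; it is empty until GetLxcContexts has been called.` The file is vendored, so a code change belongs upstream.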
@@ -399,6 +405,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 if key == "file" {
 fileLabel = strings.Trim(val, "\"")
 }
+ if key == "ro_file" {
+ roFileLabel = strings.Trim(val, "\"")
+ }
 }
 }
@@ -406,6 +415,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 return "", ""
 }
+ if roFileLabel == "" {
+ roFileLabel = fileLabel
+ }
 exit:
 // mcs := IntToMcs(os.Getpid(), 1024)
 mcs := uniqMcs(1024)
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
index 2104f1ade7b..9c19ce7ae4a 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
@@ -143,7 +143,7 @@ func (l *linuxStandardInit) Init() error {
 if err := pdeath.Restore(); err != nil {
 return err
 }
- // compare the parent from the inital start of the init process and make sure that it did not change.
+ // compare the parent from the initial start of the init process and make sure that it did not change.
 // if the parent changes that means it died and we were reparented to something else so we should
 // just kill ourself and not cause problems for someone else.
 if syscall.Getppid() != l.parentPid {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go
index 7d04eeb6e18..2b35b9a7b62 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go
@@ -103,7 +103,7 @@ func SearchLabels(labels []string, query string) string {
 }
 // Annotations returns the bundle path and user defined annotations from the
-// libcontianer state. We need to remove the bundle because that is a label
+// libcontainer state. We need to remove the bundle because that is a label
 // added by libcontainer.
 func Annotations(labels []string) (bundle string, userAnnotations map[string]string) {
 userAnnotations = make(map[string]string)